Slashdot Mirror


IE Vulnerable to Cross-Browser Spyware Attack

An anonymous reader writes "The Register reports that Firefox can be used to infect IE on Windows. By visiting a malicious site with Firefox, a user can infect their install of Internet Explorer. Other alternative browsers may expose the same vulnerability. The article quotes the CTO of ScanSafe as saying that '[j]ust switching away from IE does not give adequate projection. Now that Firefox and other alternative browsers have a toehold in the market the hacking community will get busy exploiting the vulnerabilities that exist in any complex browser.'" VitalSecurity's report points out that this vulnerability can (only) affect Windows users who use Sun's Java Runtime Environment.


  1. Same old story by Zone5 · · Score: 5, Funny

    "IE vulnerable to new attack" - shouldn't we find some sort of shorthand for this, since it happens so often?

    I have to imagine Slashdot's bandwidth saving would be enormous.

    --
    "So on one hand, honey is an amazingly sophisticated and efficient food source. On the other hand it's bee backwash."
  2. Remove IE..... by LittleLebowskiUrbanA · · Score: 5, Funny

    Yeah, I'll get right on that Timothy. Removing IE is so easy on Windows.... Not like it's built into the OS or anything.

  3. What do I need? by WormholeFiend · · Score: 4, Funny

    switching away from IE does not give adequate projection

    What do I need to be able to project my fears of infection adequately?

  4. Re:who fixes it? by winkydink · · Score: 1, Funny

    Yeah, it's not like they ever offer any fixes or anything. Get real.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  5. Re:who fixes it? by miffo.swe · · Score: 3, Funny

    This is an IE problem, not Firefox. The only way of fixing it will be uninstalling Internet Explorer and I don't think Microsoft will find that amusing at all if Mozilla went ahead and did that!

    --
    HTTP/1.1 400
  6. The Four Rules of Browsing the Net on Windows by Deep+Fried+Geekboy · · Score: 5, Funny

    1. You can't win
    2. You can't break even
    3. You can't get out of the game
    4. No matter how hard you shake it, the last drop always rolls down your pant leg.

    --

    I'm not wrong. You haven't thought about it hard enough.

  7. Re:who fixes it? by Bob+Loblaw · · Score: 5, Funny

    Sure they'll fix it ... by silently uninstalling Firefox using their next IE "this fixes numerous security flaws" super-updates.

  8. As a faithful Slashdot Reader by AbbyNormal · · Score: 2, Funny

    and Firefox user, I would like to add my two cents:

    "Lies! All Lies! Firefox cannot be hacked! Lies!".

    Thank you for your support.

    --
    Sig it.
  9. Can't resist by Hyksos · · Score: 5, Funny

    I know there's been a fair share of MS-bashing already but I just can't resist... It's pretty funny that IE is so insecure that its security holes exist in other programs :)

  10. Re:Is it still a security hole? by Ironsides · · Score: 2, Funny

    how about this
    exploit = no user input required other than visiting website
    users-doing-something-dumb = clicking yes to a security warning (that's teh best name I can come up for this) or something more brain intensive

    --
    Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
  11. hmm.. by deszaras · · Score: 2, Funny

    So what does it really do? Pop up more pr0n banners? I love this automated feature, actually.

  12. How about IVABUG? by jd · · Score: 3, Funny
    IVABUG = (I)nternet Explorer's (V)ulnerable to (A)ttack, because some component is (BUG)gy.

    Alternatively, there's the more generic ESF - (E)xploitable (S)ecurity (F)arce. This is the exact inverse of ESP, in that it is something that should have been predicted but wasn't, rather than the other way round.

    For bugs from the (usual) Corporate culprits - Microsoft, Sun and IBM, I suggest that these be called ISMs.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  13. In other news by killmenow · · Score: 2, Funny

    IE Vulnerable to Cross-Application Spyware Attack

    Some website reports that KEYGEN.EXE can be used to infect IE on Windows. By running a malicious KEYGEN with Windows, a user can infect their install of Internet Explorer. Other alternative cracks may expose the same vulnerability. The article quotes the CTO of Obvious, Inc. as saying that '[j]ust switching away from IE does not give adequate projection. Now that BitTorrent and other alternative file-sharing tools have a toehold in the market the hacking community will get busy exploiting the vulnerabilities that exist in any feeble mind.'" Killmenow's report points out that this vulnerability can (only) affect Windows users who are morons.

  14. Re:Caveat by Klivian · · Score: 3, Funny

    >A little hobgoblin to pop out of their computer and whack them in the head with a mallet
    Hey, that was actually a great idea for a new family of USB gadgets.

  15. We already have one by AvantLegion · · Score: 5, Funny
    >> "IE vulnerable to new attack" - shouldn't we find some sort of shorthand for this, since it happens so often?

    "Monday".

  16. YAIEE!!! by Anonymous Coward · · Score: 1, Funny

    YAIEE!

    Yet Another IE Exploit!

  17. Re:Caveat by Rei · · Score: 4, Funny

    Electro-shock keyboard perhaps?

    "Let's just change this DONT-BLAME-SENDMAIL option here...." *Zzzzz!!!* "@#*(%&@*!!!!"

    "Now, to change this mail server to an open relay..." *Zzzzz!!!* "*@#$&%*$!!!!"

    "Let's just install the Java Desktop system..." *Zzzzz!!!* "^#$&@%@!!!!"

    --
    "Here's a fun fact: the moon has turned to blood!" -- Newscaster, "Jesus Christ Supercop"
  18. Waiting... by Beefslaya · · Score: 1, Funny

    For the patch from Microsoft to disable all Internet capabilities of Explorer...Please, please, please!!

  19. You know it would happen by Anonymous Coward · · Score: 3, Funny

    BUG REPORT:

    When I visit a web page and it prompts me to install something, a little hobgoblin pops out of my computer and whacks me on the head with a mallet when I click yes.

    After this happens, my computer slows down and I get lots of popups. I think the hobgoblin has infected me with a virus. Please disable the hobgoblin so I can install things from websites easier. And stop it from infecting me with viruses! Can't you guys program a computer right?

  20. Re:Caveat by rreyelts · · Score: 5, Funny

    Funny that. The dialog box has three (count them - 1, 2, 3) exclamation icons, has a title that says "Warning - Security", explicitly states that the certificate is invalid and issued by an untrusted company, and has "No" as the default selected button. What more can be asked of Sun?

    I suggest that Java make loud, obnoxious noises and shout Monty Python quotes at the user at an intolerable volume if he perchances to select "Yes", against all warnings.

    Exploit, my ass.

  21. Re:Caveat by Auckerman · · Score: 5, Funny

    "The security certificate was issued by a company that is not trusted."

    While that reads like perfectly valid English to me, knowing things that are irrelevant to my daily life and all, most people would NEVER understand that statement.

    A clearer statement like "It is probable that a VIRUS is trying to install on your computer, do you want to STOP this VIRUS from installing" with a "yes" and "no" for the check box with "yes" the default.

    --

    Burn Hollywood Burn
  22. Re:Caveat by lazlo · · Score: 5, Funny

    Absolutely. Replace your force-feedback mouse with the new force-bitchslap mouse.

    WHAP! No clicky!

    --
    Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
  23. Re:Not a browser issue and not a Java issue by mopslik · · Score: 4, Funny

    How do you defend against that?

    Clearly, all software should only be installable from floppy disks, and not from over the Internet. That way, script kiddies would have to send people their exploits by snail mail, with a note attached that reads:

    2 C pix of Natalie p0rtman nood, reboot ur PC with this disk & type FORMAT C:

    Still, I'm sure there'd be a few who did...

  24. Re:Caveat by yodaj007 · · Score: 2, Funny

    I would really rather not exploit your ass.

    --
    These aren't the sigs you're looking for.
  25. Re:Caveat by jthayden · · Score: 2, Funny
    The user has seen enough web dialogs to know that when you see one, you click yes.

    Social engineering, I'd start writing dialog boxes that require you to click no.

    "Do you not want to install?"

  26. Re:Unfair analogy by 0x461FAB0BD7D2 · · Score: 5, Funny

    Never been to Tennessee have you?

  27. Re:Caveat by Anonymous Coward · · Score: 3, Funny

    Rich Cook: "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning."

  28. Forget the warnings! by itistoday · · Score: 4, Funny
    Sorry to rip off a bash quote, but this has to be said:
    <xterm> The problem with America is stupidity. I'm not saying there should be a capital punishment for stupidity, but why don't we just take the safety labels off of everything and let the problem solve itself?
  29. Re:Caveat by ThisIsFred · · Score: 2, Funny

    Can't your browser just read the contents of the 'evil' field from the certificate? If it's set to 'true', you don't run it!

    --
    Fred

    "A fool and his freedom are soon parted"
    -RMS
  30. Doesn't work with bash by grahamsz · · Score: 2, Funny

    I just tried

    alias /bin/su="echo you suck"

    and it hurt my feelings